#VU14575 Authentication bypass in Grafana - CVE-2018-558213
Vulnerability identifier: #VU14575
Vulnerability risk: High
CVSSv4.0: 7.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2018-558213, CVE-2018-15727
CWE-ID:
CWE-287
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Grafana
Web applications /
Other software
Vendor: Grafana Labs
Description
The vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to the web application generates predictable cookie value for the "remember me" cookie that is based on the username of an LDAP or OAuth user. A remote non-authenticated attacker can bypass authentication process and gain unrestricted access to the web application.
Successful exploitation of the vulnerability requires knowledge of the username.
Mitigation
Update to version 4.6.4 or 5.2.3.
Vulnerable software versions
Grafana: 2.0.0 beta1 - 2.0.2, 2.1.0 - 2.1.3, 2.5.0, 2.6.0 beta1 - 2.6.0, 3.0.0 beta6 - 3.0.4, 3.1.0 beta1 - 3.1.1, 4.0.0 beta1 - 4.0.2, 4.1.0 beta1 - 4.1.2, 4.2.0 beta1 - 4.2.0, 4.3.0 beta1 - 4.3.2, 4.4.0 - 4.4.3, 4.5.0 beta1 - 4.5.2, 4.6.0 beta1 - 4.6.3, 5.0.0 beta1 - 5.0.4, 5.1.0 beta1 - 5.1.5, 5.2.0 beta1 - 5.2.2
External links
https://community.grafana.com/t/grafana-5-2-3-and-4-6-4-security-update/10050
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
